方法一:使用EnumProcessModule
使用EnummProcessModule
1
2/**//*
3 * ShowProcessPath 2.0
4 * 版权所有 (C) 2005 赵春生
5 * 2005.09.02
6 * http://timw.yeah.net
7 * http://timw.126.com
8 * 本程序适用于:WinNT
9 * 代码在Win2000P+SP4 + VC6+SP6测试通过
10*/
11
12#include <stdio.h>
13#include <windows.h>
14#include "PSAPI.H"
15#pragma comment( lib, "PSAPI.LIB" )
16
17//自定义函数:赋予指定特权。这里用来提升程序权限。
18BOOL EnablePrivilege(HANDLE hToken,LPCSTR szPrivName);
19
20int main(void)
21{
22
23 DWORD processid[1024],needed,processcount,i;
24 HANDLE hProcess;
25 HMODULE hModule;
26 char path[MAX_PATH] = "",temp[256];
27
28 HANDLE hToken;
29
30 printf("ShowProcessPath 2.0 with [Process Status API]\n\n");
31
32 if ( OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken) )
33 {
34 if (EnablePrivilege(hToken,SE_DEBUG_NAME))
35 {
36
37 EnumProcesses(processid, sizeof(processid), &needed);
38 processcount=needed/sizeof(DWORD);
39
40 for (i=0;i<processcount;i++)
41 {
42 hProcess=OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,false,processid[i]);
43 if (hProcess)
44 {
45 EnumProcessModules(hProcess, &hModule, sizeof(hModule), &needed);
46 GetModuleFileNameEx(hProcess, hModule, path, sizeof(path));
47 GetShortPathName(path,path,256);
48 itoa(processid[i],temp,10);
49 printf("%s --- %s\n",path,temp);
50 }
51 else
52 printf("Failed!!!\n");
53 }
54 }
55 }
56
57 CloseHandle(hProcess);
58 CloseHandle(hModule);
59
60 itoa(processcount,temp,10);
61 printf("\nProcess Count:%s\n\n",temp);
62
63 return 0;
64}
65
66/**///////////////////////////////////////////////////////////////////////
67
68BOOL EnablePrivilege(HANDLE hToken,LPCSTR szPrivName)
69{
70
71 TOKEN_PRIVILEGES tkp;
72
73 LookupPrivilegeValue( NULL,szPrivName,&tkp.Privileges[0].Luid );//修改进程权限
74 tkp.PrivilegeCount=1;
75 tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
76 AdjustTokenPrivileges( hToken,FALSE,&tkp,sizeof tkp,NULL,NULL );//通知系统修改进程权限
77
78 return( (GetLastError()==ERROR_SUCCESS) );
79
80}
81
82/**///////////////////////////////////////////////////////////////////////
83
84
方案二:区分操作系统
1/**/////////////////////////////////////////////////////////////////////////////////
2// EnumWin32Proc.c
3// 编译方法:
4// 1、运行 C:\Program Files\Microsoft Visual Studio\VC98\Bin\VCVARS32.BAT.
5// 2、运行 bldexe.bat.
6//
7/**/////////////////////////////////////////////////////////////////////////////////
8#include <windows.h>
9#include <stdio.h>
10#include <tlhelp32.h>
11#include <vdmdbg.h>
12
13typedef BOOL (CALLBACK *PROCENUMPROC)(DWORD, WORD, LPSTR, LPARAM);
14
15typedef struct {
16 DWORD dwPID;
17 PROCENUMPROC lpProc;
18 DWORD lParam;
19 BOOL bEnd;
20} EnumInfoStruct;
21
22BOOL WINAPI EnumProcs(PROCENUMPROC lpProc, LPARAM lParam);
23
24BOOL WINAPI Enum16(DWORD dwThreadId, WORD hMod16, WORD hTask16,
25 PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined);
26
27//
28// The EnumProcs function takes a pointer to a callback function
29// that will be called once per process with the process filename
30// and process ID.
31//
32// lpProc -- Address of callback routine.
33//
34// lParam -- A user-defined LPARAM value to be passed to
35// the callback routine.
36//
37// Callback function definition:
38// BOOL CALLBACK Proc(DWORD dw, WORD w, LPCSTR lpstr, LPARAM lParam);
39//
40BOOL WINAPI EnumProcs(PROCENUMPROC lpProc, LPARAM lParam) {
41
42 OSVERSIONINFO osver;
43 HINSTANCE hInstLib = NULL;
44 HINSTANCE hInstLib2 = NULL;
45 HANDLE hSnapShot = NULL;
46 LPDWORD lpdwPIDs = NULL;
47 PROCESSENTRY32 procentry;
48 BOOL bFlag;
49 DWORD dwSize;
50 DWORD dwSize2;
51 DWORD dwIndex;
52 HMODULE hMod;
53 HANDLE hProcess;
54 char szFileName[MAX_PATH];
55 EnumInfoStruct sInfo;
56
57 // ToolHelp Function Pointers.
58 HANDLE (WINAPI *lpfCreateToolhelp32Snapshot)(DWORD, DWORD);
59 BOOL (WINAPI *lpfProcess32First)(HANDLE, LPPROCESSENTRY32);
60 BOOL (WINAPI *lpfProcess32Next)(HANDLE, LPPROCESSENTRY32);
61
62 // PSAPI Function Pointers.
63 BOOL (WINAPI *lpfEnumProcesses)(DWORD *, DWORD, DWORD *);
64 BOOL (WINAPI *lpfEnumProcessModules)(HANDLE, HMODULE *, DWORD,
65 LPDWORD);
66 DWORD (WINAPI *lpfGetModuleBaseName)(HANDLE, HMODULE, LPTSTR, DWORD);
67
68 // VDMDBG Function Pointers.
69 INT (WINAPI *lpfVDMEnumTaskWOWEx)(DWORD, TASKENUMPROCEX, LPARAM);
70
71 // Retrieve the OS version
72 osver.dwOSVersionInfoSize = sizeof(osver);
73 if (!GetVersionEx(&osver))
74 return FALSE;
75
76 // If Windows NT 4.0
77 if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT
78 && osver.dwMajorVersion == 4) {
79
80 __try {
81
82 // Get the procedure addresses explicitly. We do
83 // this so we don't have to worry about modules
84 // failing to load under OSes other than Windows NT 4.0
85 // because references to PSAPI.DLL can't be resolved.
86 hInstLib = LoadLibraryA("PSAPI.DLL");
87 if (hInstLib == NULL)
88 __leave;
89
90 hInstLib2 = LoadLibraryA("VDMDBG.DLL");
91 if (hInstLib2 == NULL)
92 __leave;
93
94 // Get procedure addresses.
95 lpfEnumProcesses = (BOOL (WINAPI *)(DWORD *, DWORD, DWORD*))
96 GetProcAddress(hInstLib, "EnumProcesses");
97
98 lpfEnumProcessModules = (BOOL (WINAPI *)(HANDLE, HMODULE *,
99 DWORD, LPDWORD)) GetProcAddress(hInstLib,
100 "EnumProcessModules");
101
102 lpfGetModuleBaseName = (DWORD (WINAPI *)(HANDLE, HMODULE,
103 LPTSTR, DWORD)) GetProcAddress(hInstLib,
104 "GetModuleBaseNameA");
105
106 lpfVDMEnumTaskWOWEx = (INT (WINAPI *)(DWORD, TASKENUMPROCEX,
107 LPARAM)) GetProcAddress(hInstLib2, "VDMEnumTaskWOWEx");
108
109 if (lpfEnumProcesses == NULL
110 || lpfEnumProcessModules == NULL
111 || lpfGetModuleBaseName == NULL
112 || lpfVDMEnumTaskWOWEx == NULL)
113 __leave;
114
115 //
116 // Call the PSAPI function EnumProcesses to get all of the
117 // ProcID's currently in the system.
118 //
119 // NOTE: In the documentation, the third parameter of
120 // EnumProcesses is named cbNeeded, which implies that you
121 // can call the function once to find out how much space to
122 // allocate for a buffer and again to fill the buffer.
123 // This is not the case. The cbNeeded parameter returns
124 // the number of PIDs returned, so if your buffer size is
125 // zero cbNeeded returns zero.
126 //
127 // NOTE: The "HeapAlloc" loop here ensures that we
128 // actually allocate a buffer large enough for all the
129 // PIDs in the system.
130 //
131 dwSize2 = 256 * sizeof(DWORD);
132 do {
133
134 if (lpdwPIDs) {
135 HeapFree(GetProcessHeap(), 0, lpdwPIDs);
136 dwSize2 *= 2;
137 }
138
139 lpdwPIDs = (LPDWORD) HeapAlloc(GetProcessHeap(), 0,
140 dwSize2);
141 if (lpdwPIDs == NULL)
142 __leave;
143
144 if (!lpfEnumProcesses(lpdwPIDs, dwSize2, &dwSize))
145 __leave;
146
147 } while (dwSize == dwSize2);
148
149 // How many ProcID's did we get?
150 dwSize /= sizeof(DWORD);
151
152 // Loop through each ProcID.
153 for (dwIndex = 0; dwIndex < dwSize; dwIndex++) {
154
155 szFileName[0] = 0;
156
157 // Open the process (if we can security does not
158 // permit every process in the system to be opened).
159 hProcess = OpenProcess(
160 PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
161 FALSE, lpdwPIDs[dwIndex]);
162 if (hProcess != NULL) {
163
164 // Here we call EnumProcessModules to get only the
165 // first module in the process. This will be the
166 // EXE module for which we will retrieve the name.
167 if (lpfEnumProcessModules(hProcess, &hMod,
168 sizeof(hMod), &dwSize2)) {
169
170 // Get the module name
171 if (!lpfGetModuleBaseName(hProcess, hMod,
172 szFileName, sizeof(szFileName)))
173 szFileName[0] = 0;
174 }
175 CloseHandle(hProcess);
176 }
177 // Regardless of OpenProcess success or failure, we
178 // still call the enum func with the ProcID.
179 if (!lpProc(lpdwPIDs[dwIndex], 0, szFileName, lParam))
180 break;
181
182 // Did we just bump into an NTVDM?
183 if (_stricmp(szFileName, "NTVDM.EXE") == 0) {
184
185 // Fill in some info for the 16-bit enum proc.
186 sInfo.dwPID = lpdwPIDs[dwIndex];
187 sInfo.lpProc = lpProc;
188 sInfo.lParam = (DWORD) lParam;
189 sInfo.bEnd = FALSE;
190
191 // Enum the 16-bit stuff.
192 lpfVDMEnumTaskWOWEx(lpdwPIDs[dwIndex],
193 (TASKENUMPROCEX) Enum16, (LPARAM) &sInfo);
194
195 // Did our main enum func say quit?
196 if (sInfo.bEnd)
197 break;
198 }
199 }
200
201} __finally {
202
203 if (hInstLib)
204 FreeLibrary(hInstLib);
205
206 if (hInstLib2)
207 FreeLibrary(hInstLib2);
208
209 if (lpdwPIDs)
210 HeapFree(GetProcessHeap(), 0, lpdwPIDs);
211}
212
213// If any OS other than Windows NT 4.0.
214} else if (osver.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS
215 || (osver.dwPlatformId == VER_PLATFORM_WIN32_NT
216 && osver.dwMajorVersion > 4)) {
217
218 __try {
219
220 hInstLib = LoadLibraryA("Kernel32.DLL");
221 if (hInstLib == NULL)
222 __leave;
223
224 // If NT-based OS, load VDMDBG.DLL.
225 if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT) {
226 hInstLib2 = LoadLibraryA("VDMDBG.DLL");
227 if (hInstLib2 == NULL)
228 __leave;
229 }
230
231 // Get procedure addresses. We are linking to
232 // these functions explicitly, because a module using
233 // this code would fail to load under Windows NT,
234 // which does not have the Toolhelp32
235 // functions in KERNEL32.DLL.
236 lpfCreateToolhelp32Snapshot =
237 (HANDLE (WINAPI *)(DWORD,DWORD))
238 GetProcAddress(hInstLib, "CreateToolhelp32Snapshot");
239
240 lpfProcess32First =
241 (BOOL (WINAPI *)(HANDLE,LPPROCESSENTRY32))
242 GetProcAddress(hInstLib, "Process32First");
243
244 lpfProcess32Next =
245 (BOOL (WINAPI *)(HANDLE,LPPROCESSENTRY32))
246 GetProcAddress(hInstLib, "Process32Next");
247
248 if (lpfProcess32Next == NULL
249 || lpfProcess32First == NULL
250 || lpfCreateToolhelp32Snapshot == NULL)
251 __leave;
252
253 if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT) {
254 lpfVDMEnumTaskWOWEx = (INT (WINAPI *)(DWORD, TASKENUMPROCEX,
255 LPARAM)) GetProcAddress(hInstLib2, "VDMEnumTaskWOWEx");
256 if (lpfVDMEnumTaskWOWEx == NULL)
257 __leave;
258 }
259
260 // Get a handle to a Toolhelp snapshot of all processes.
261 hSnapShot = lpfCreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
262 if (hSnapShot == INVALID_HANDLE_VALUE) {
263 FreeLibrary(hInstLib);
264 return FALSE;
265 }
266
267 // Get the first process' information.
268 procentry.dwSize = sizeof(PROCESSENTRY32);
269 bFlag = lpfProcess32First(hSnapShot, &procentry);
270
271 // While there are processes, keep looping.
272 while (bFlag) {
273
274 // Call the enum func with the filename and ProcID.
275 if (lpProc(procentry.th32ProcessID, 0,
276 procentry.szExeFile, lParam)) {
277
278 // Did we just bump into an NTVDM?
279 if (_stricmp(procentry.szExeFile, "NTVDM.EXE") == 0) {
280
281 // Fill in some info for the 16-bit enum proc.
282 sInfo.dwPID = procentry.th32ProcessID;
283 sInfo.lpProc = lpProc;
284 sInfo.lParam = (DWORD) lParam;
285 sInfo.bEnd = FALSE;
286
287 // Enum the 16-bit stuff.
288 lpfVDMEnumTaskWOWEx(procentry.th32ProcessID,
289 (TASKENUMPROCEX) Enum16, (LPARAM) &sInfo);
290
291 // Did our main enum func say quit?
292 if (sInfo.bEnd)
293 break;
294 }
295
296 procentry.dwSize = sizeof(PROCESSENTRY32);
297 bFlag = lpfProcess32Next(hSnapShot, &procentry);
298
299 } else
300 bFlag = FALSE;
301 }
302
303 } __finally {
304
305 if (hInstLib)
306 FreeLibrary(hInstLib);
307
308 if (hInstLib2)
309 FreeLibrary(hInstLib2);
310 }
311
312} else
313return FALSE;
314
315// Free the library.
316FreeLibrary(hInstLib);
317
318return TRUE;
319}
320
321
322BOOL WINAPI Enum16(DWORD dwThreadId, WORD hMod16, WORD hTask16,
323 PSZ pszModName, PSZ pszFileName, LPARAM lpUserDefined) {
324
325 BOOL bRet;
326
327 EnumInfoStruct *psInfo = (EnumInfoStruct *)lpUserDefined;
328
329 bRet = psInfo->lpProc(psInfo->dwPID, hTask16, pszFileName,
330 psInfo->lParam);
331
332 if (!bRet)
333 psInfo->bEnd = TRUE;
334
335 return !bRet;
336}
337
338
339BOOL CALLBACK MyProcessEnumerator(DWORD dwPID, WORD wTask,
340 LPCSTR szProcess, LPARAM lParam) {
341
342 if (wTask == 0)
343 printf("%5u %s\n", dwPID, szProcess);
344 else
345 printf(" %5u %s\n", wTask, szProcess);
346
347 return TRUE;
348}
349
350
351void main() {
352 EnumProcs((PROCENUMPROC) MyProcessEnumerator, 0);
353}
源码三
1nt ProcessList()
2{
3 PROCESSENTRY32 pe32;
4 pe32.dwSize=sizeof(pe32);
5 int count=0;
6
7 HANDLE hProcessSnap=::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
8
9 if(hProcessSnap==INVALID_HANDLE_VALUE)
10 {
11 printf("CreateToolhelp32Snapshot调用失败!");
12 return -1;
13 }
14
15 BOOL bMore=::Process32First(hProcessSnap,&pe32);
16
17 printf("%20s\t%10s\n","进程名","PID");
18 printf("====================================\n");
19 while(bMore)
20 {
21 count++;
22 printf("%20s\t%10d\n",pe32.szExeFile,pe32.th32ProcessID);
23 bMore=::Process32Next(hProcessSnap,&pe32);
24 }
25
26 ::CloseHandle(hProcessSnap);
27
28 printf("====================================\n");
29 printf("\n当前系统进程数为:%d\n",count);
30
31 return 0;
32}
posted on 2009-02-06 10:58
鹿哥 阅读(2459)
评论(0) 编辑 收藏 引用 所属分类:
WIN32